Error attempting to create a Cassandra cluster using Docker Swarm - docker

I am trying to configure a Cassandra cluster using Docker Swarm.
The containers keep on dying and restarting. Based on logs, it seems to be that they cannot connect to each other.
The cluster does not seem healthy:
root#f6d8d694f8d4:/# nodetool describecluster
Cluster Information:
Name: Test Cluster
Snitch: org.apache.cassandra.locator.SimpleSnitch
DynamicEndPointSnitch: enabled
Partitioner: org.apache.cassandra.dht.Murmur3Partitioner
Schema versions:
UNREACHABLE: [10.0.8.2, 10.0.2.2]
This is a snippet of logs:
io.netty.channel.ConnectTimeoutException: connection timed out: /10.0.2.2:7000
at io.netty.channel.epoll.AbstractEpollChannel$AbstractEpollUnsafe$2.run(AbstractEpollChannel.java:576)
at io.netty.util.concurrent.PromiseTask.runTask(PromiseTask.java:98)
at io.netty.util.concurrent.ScheduledFutureTask.run(ScheduledFutureTask.java:170)
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Unknown Source)
WARN [OptionalTasks:1] 2022-10-19 20:29:55,349 CassandraRoleManager.java:344 - CassandraRoleManager skipped default role setup: some nodes were not ready
Based on the logs, it seems to be that some nodes are not reachable.
This is my Dockerfile, which contains just some tools:
FROM cassandra:4.0.6
RUN apt -y update && apt -y install net-tools && apt install iputils-ping
And this is my Docker compose file:
version: '3.2'
services:
cassandra0:
image: my_cassandra:latest
volumes:
- ./cassandra/0:/var/lib/cassandra
networks:
- cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra0"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "512M"
ports:
- 7000
- 9072
- 7199
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
cassandra1:
image: my_cassandra:latest
volumes:
- ./cassandra/1:/var/lib/cassandra
networks:
- cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra1"
CASSANDRA_SEEDS: "cassandra0"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "512M"
ports:
- 7000
- 9072
- 7199
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
cassandra2:
image: my_cassandra:latest
volumes:
- ./cassandra/2:/var/lib/cassandra
networks:
- cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra2"
CASSANDRA_SEEDS: "cassandra0"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "512M"
ports:
- 7000
- 9072
- 7199
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
cassandra3:
image: my_cassandra:latest
volumes:
- ./cassandra/3:/var/lib/cassandra
networks:
- cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra3"
CASSANDRA_SEEDS: "cassandra0"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "512M"
ports:
- 7000
- 9072
- 7199
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
cassandra4:
image: my_cassandra:latest
volumes:
- ./cassandra/4:/var/lib/cassandra
networks:
- cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra4"
CASSANDRA_SEEDS: "cassandra0"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "512M"
ports:
- 7000
- 9072
- 7199
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
networks:
cassandra:
external: true
This is my overlay network:
...
"Name": "cassandra",
"Id": "w4ooyvfgyuslnlhl0e9tmyfw2",
"Created": "2022-10-19T22:37:14.60262042+02:00",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.0.10.0/24",
"Gateway": "10.0.10.1"
}
]
}
...
The following Docker compose file works, but I cannot see any relevant difference from the previous one. Only I changed were the containers
and the network names.
version: "3.2"
services:
################################################################
# The Casandra cluster
# - cassandra-node1
################################################################
cassandra-001:
image: my_cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra-001"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "1024M"
volumes:
- ./volumes/001:/var/lib/cassandra
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
networks:
- cluster_net
################################################################
# The Casandra cluster
# - cassandra-node2
################################################################
cassandra-002:
image: my_cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra-002"
CASSANDRA_SEEDS: "cassandra-001"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "1024M"
volumes:
- ./volumes/002:/var/lib/cassandra
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
networks:
- cluster_net
################################################################
# The Casandra cluster
# - cassandra-node3
################################################################
cassandra-003:
image: my_cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra-003"
CASSANDRA_SEEDS: "cassandra-001"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "1024M"
volumes:
- ./volumes/003:/var/lib/cassandra
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
networks:
- cluster_net
################################################################
# The Casandra cluster
# - cassandra-node4
################################################################
cassandra-004:
image: my_cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra-004"
CASSANDRA_SEEDS: "cassandra-001"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "1024M"
volumes:
- ./volumes/004:/var/lib/cassandra
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
networks:
- cluster_net
################################################################
# The Casandra cluster
# - cassandra-node5
################################################################
cassandra-005:
image: my_cassandra
environment:
CASSANDRA_BROADCAST_ADDRESS: "cassandra-005"
CASSANDRA_SEEDS: "cassandra-001"
HEAP_NEWSIZE: "128M"
MAX_HEAP_SIZE: "1024M"
volumes:
- ./volumes/005:/var/lib/cassandra
deploy:
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
networks:
- cluster_net
networks:
cluster_net:
external:
name: cassandra


The error stack you posted indicates that the nodes cannot gossip with each other over the private internode port 7000.
You need to make sure there's network connectivity between the containers and that there is bi-directional route on port 7000. Cheers!

Related

docker swarm phpmyadmin can't login to mysql server

So i have deploy my stack application and everything is working as expected. Three container replicas running. Now i access phpmyadmin and try to login to the mysql but i got the error: mysqli::real_connect(): php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution
Both the phpmyadmin and mysql container are on the same network.
version: "3.9"
service:
db:
image: mysql
#container_name: mysql_db
command: --default-authentication-plugin=mysql_native_password
restart: always
secrets:
- mysql_root_password
- mysql_database
- mysql_user
- mysql_password
environment:
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mysql_root_password
MYSQL_DATABASE_FILE: /run/secrets/mysql_database
MYSQL_USER_FILE: /run/secrets/mysql_user
MYSQL_PASSWORD_FILE: /run/secrets/mysql_password
ports:
- "9906:3306"
networks:
- back-tier
volumes:
- alpine-db_backup:/var/lib/mysql
- alpine-mysql_logs:/var/log/mysql
- alpine-mysql_cnf:/etc/mysql
deploy:
replicas: 3
placement:
constraints: [node.role == manager]
resources:
reservations:
memory: 128M
limits:
memory: 256M
restart_policy:
condition: on-failure
delay: 30s
max_attempts: 10
window: 60s
update_config:
parallelism: 1
delay: 10s
max_failure_ratio: 0.3
phpmyadmin:
image: phpmyadmin
#container_name: phpmyadmin
ports:
- 8080:80
environment:
PMA_HOST: db
PMA_PORT: 3306
PMA_ARBITRARY: 1
depends_on:
- db
networks:
- back-tier
- front-tier
deploy:
replicas: 2
resources:
limits:
cpus: '0.50'
memory: 50M
reservations:
cpus: '0.25'
memory: 20M
restart_policy:
condition: on-failure
delay: 30s
max_attempts: 10
networks:
front-tier:
driver: overlay
back-tier:
driver: overlay

For containers on the same network, to get another service's name resolved, you should use its name without the stack name as prefix. So, your PMA_HOST should be db, not titanfxbmp_db.
version: "3.9"
services:
db:
image: mysql
...
phpmyadmin:
image: phpmyadmin
...
environment:
PMA_HOST: db
PMA_PORT: 3306

schema-registry in KAFKA not able to retrieve Cluster ID

I try to install a Kafka environment based on confluent images. After "docker-compose up" all my containers are up and running, but after one minute the schema-registry failed
in the scheme-registry log I found this error message explaining that it failed to get the Kafka cluster Id
I checked the kafka logs and found this :
"[2021-08-05 15:59:17,074] INFO Cluster ID = ddchQ8odQM-hF67TJO97Ng (kafka.server.KafkaServer)"
So Cluster ID is well created. It seems that schema-registry is not able to retreive the Cluster ID but I really don't understand what happen here, I think it is a network issue, I tried many things to fix it but whithout success
here my docker-compose.yaml
services:
zookeeper:
image: confluentinc/cp-zookeeper
hostname: zookeeper
container_name: zookeeper
# networks:
# - my-network
ports:
- 2181:2181
environment:
ZOOKEEPER_CLIENT_PORT: 2181
ZOOKEEPER_TICK_TIME: 2000
deploy:
resources:
limits:
cpus: "1.00"
memory: "1024M"
kafka:
image: confluentinc/cp-kafka
container_name: kafka
depends_on:
- zookeeper
# networks:
# - my-network
ports:
- 9092:9092
- 30001:30001
environment:
# KAFKA_CREATE_TOPICS: toto
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 100
KAFKA_JMX_PORT: 30001
KAFKA_JMX_HOSTNAME: kafka
KAFKA_CONFLUENT_SCHEMA_REGISTRY_URL: http://schema-registry:8081
deploy:
resources:
limits:
cpus: "1.00"
memory: "2048M"
kafka-jmx-exporter:
build: ./materials/tools/prometheus-jmx-exporter
container_name: jmx-exporter
ports:
- 8080:8080
links:
- kafka
# networks:
# - my-network
environment:
JMX_PORT: 30001
JMX_HOST: kafka
HTTP_PORT: 8080
JMX_EXPORTER_CONFIG_FILE: kafka.yml
deploy:
resources:
limits:
cpus: "1.00"
memory: "1024M"
prometheus:
build: ./materials/tools/prometheus
container_name: prometheus
# networks:
# - my-network
ports:
- 9090:9090
spark-master:
container_name: spark-master
build: ./materials/spark
user: root
# networks:
# - my-network
volumes:
- ./materials/spark/connectors:/connectors
- ./materials/spark/scripts:/scripts/
- ./materials/consumer:/scripts/consumer
- ./secrets:/scripts/secrets
- ./materials/spark/jars_dir:/opt/bitnami/spark/.ivy2:z
ports:
- 8085:8080
- 7077:7077
- 4040:4040
environment:
- INIT_DAEMON_STEP=setup_spark
deploy:
resources:
limits:
cpus: "1.00"
memory: "1024M"
# - SPARK_MODE=master
# - SPARK_RPC_AUTHENTICATION_ENABLED=no
# - SPARK_RPC_ENCRYPTION_ENABLED=no
# - SPARK_LOCAL_STORAGE_ENCRYPTION_ENABLED=no
# - SPARK_SSL_ENABLED=no
spark-worker-1:
container_name: spark-worker-1
build: ./materials/spark
user: root
# networks:
# - my-network
depends_on:
- spark-master
ports:
- 8083:8085
- 4041:4040
environment:
- "SPARK_MASTER=spark://spark-master:7077"
- SPARK_MODE=worker
- SPARK_MASTER_URL=spark://spark-master:7077
- SPARK_WORKER_MEMORY=1G
- SPARK_WORKER_CORES=1
- SPARK_RPC_AUTHENTICATION_ENABLED=no
- SPARK_RPC_ENCRYPTION_ENABLED=no
- SPARK_LOCAL_STORAGE_ENCRYPTION_ENABLED=no
- SPARK_SSL_ENABLED=no
deploy:
resources:
limits:
cpus: "1.00"
memory: "2048M"
reservations:
cpus: "1.00"
memory: "1024M"
schema-registry:
image: confluentinc/cp-schema-registry
hostname : schema-registry
container_name : schema-registry
#command: /bin/sh -c 'tail -f /dev/null'
command: /bin/schema-registry-start /etc/schema-registry/schema-registry.properties
depends_on:
- kafka
ports:
- 8081:8081
# networks:
# - my-network
environment:
# SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: kafka:29092
SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: kafka-1:9092
SCHEMA_REGISTRY_HOST_NAME: schema-registry
SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8081
SCHEMA_REGISTRY_DEBUG: "true"
SCHEMA_REGISTRY_KAFKASTORE.INIT.TIMEOUT.MS: 120000
deploy:
resources:
limits:
cpus: "1.00"
memory: "2048M"
producer:
build: ./materials/producer
container_name: producer
depends_on:
- kafka
# networks:
# - my-network
environment:
KAFKA_BROKER_URL: kafka-1:9092
TRANSACTIONS_PER_SECOND: 30
kafkastream:
build: ./materials/kafkastream
container_name: kafkastream
depends_on:
- kafka
# networks:
# - my-network
environment:
KAFKA_BROKER_URL: kafka-1:9092
TRANSACTIONS_PER_SECOND: 5
rest-proxy:
image: confluentinc/cp-kafka-rest
depends_on:
- kafka
- schema-registry
# networks:
# - my-network
ports:
- 8082:8082
hostname: rest-proxy
container_name: rest-proxy
#command: /bin/kafka-rest-start
environment:
KAFKA_REST_HOST_NAME: rest-proxy
KAFKA_REST_BOOTSTRAP_SERVERS: kafka:29092
KAFKA_REST_LISTENERS: http://0.0.0.0:8082
KAFKA_REST_SCHEMA_REGISTRY_URL: http://schema-registry:8081
#networks:
#my-network:
# external: false
# my-network:
My last try was to completly remove the network in the docker-compose file, that is why all the lines related to networks are commented here.
Any hint or idea will be appreciate
Thanks

I finally found the solution. My mystake was to add the following line in my docker-compose.yml file : "command: /bin/schema-registry-start /etc/schema-registry/schema-registry.properties". In that way, schema-registry start by taken into acount the default configuration of the schema-registry.properties file that is of course not suitable to my local installation and ignore all the environment parameter passed in the docke-compose.yaml file.

PLAINTEXT_HOST://localhost:9092 , change to kafka-1 or use kafka:29092

How to mae Traefik as reverse-proxy with docker-compose?

I have docker-compose build with symfony on apache and angular on nginx. It is possible that more docker-compositions can be run, so now I want to make my own DNS using traefik - I want to set hostname of each app, make docker-compose up and resolve apps with hostname when they are ready.
Traefik docker-compose:
version: '3.1'
networks:
proxy:
external: true
internal:
external: false
services:
traefik:
image: traefik:v2.1
command: --api.insecure=true --providers.docker
labels:
- traefik.frontend.rule=Host:monitor.docker.localhost
- traefik.port=8080
networks:
- proxy
ports:
- 80:80
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock
Apps docker-compose:
# Run docker-compose build
# Run docker-compose up
# Live long and prosper
version: '3.1'
networks:
proxy:
external: true
internal:
external: false
services:
apache:
build: .docker/apache
container_name: sf4_apache
volumes:
- .docker/config/vhosts:/etc/apache2/sites-enabled
- ./backend:/home/wwwroot/sf4
depends_on:
- php
labels:
- traefik.http.routers.sf4_apache.rule=Host(`symfony.docker.localhost`)
- traefik.http.services.apache.loadbalancer.server.port=80
networks:
- internal
- proxy
php:
build: .docker/php
container_name: sf4_php
volumes:
- ./backend:/home/wwwroot/sf4
- ./executor:/home/wwwroot/pipe
networks:
- internal
labels:
- traefik.enable=false
nginx:
container_name: angular_nginx
build: .docker/nginx
volumes:
- ./frontend/dist/frontend:/usr/share/nginx/html
ports:
- "81:80"
- "443:443"
labels:
- traefik.http.routers.angular_nginx.rule=Host(`angular.docker.localhost`)
networks:
- internal
- proxy
node:
build: .docker/node
container_name: angular_node
ports:
- 4200:4200
volumes:
- ./frontend:/home/node/app/frontend
tty: true
command:
- /bin/sh
- -c
- |
cd /home/node/app/frontend && npm start
expose:
- "4200"
networks:
- internal
labels:
- traefik.enable=false
Can't make it work: sometimes I get Bad Gateway at domains (symfony.docker.localhost), sometimes it crushed because both servers using one port, so please help me to run this correctly

First, docker frontend and backend are deprecated in version 2.1 check this link
here is an example of doing the same in traefik 2.1
version: '3.7'
networks:
traefik:
external: true
volumes:
db_data:
services:
proxy:
image: traefik:v2.1
command:
- '--providers.docker=true'
- '--entryPoints.web.address=:80'
- '--providers.providersThrottleDuration=2s'
- '--providers.docker.watch=true'
- '--providers.docker.swarmMode=true'
- '--providers.docker.swarmModeRefreshSeconds=15s'
- '--providers.docker.exposedbydefault=false'
- '--providers.docker.defaultRule=Host("local.me")'
- '--accessLog.bufferingSize=0'
- '--api=true'
- '--api.dashboard=true'
- '--api.insecure=true'
- '--ping.entryPoint=web'
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
ports:
- '80:80'
- '8080:8080'
deploy:
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
update_config:
delay: 10s
order: start-first
parallelism: 1
rollback_config:
parallelism: 0
order: stop-first
logging:
driver: json-file
options:
'max-size': '10m'
'max-file': '5'
networks:
- traefik
mysql:
image: mysql:5.7
command: mysqld --general-log=1 --general-log-file=/var/log/mysql/general-log.log
deploy:
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
update_config:
delay: 10s
order: start-first
parallelism: 1
rollback_config:
parallelism: 0
order: stop-first
logging:
driver: json-file
options:
'max-size': '10m'
'max-file': '5'
networks:
- traefik
volumes:
- db_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: dummy
MYSQL_DATABASE: rails_blog_production
rails_blog_web:
image: wshihadeh/rails_blog:demo-v1
command: 'web'
deploy:
labels:
- traefik.enable=true
- traefik.http.services.blog.loadbalancer.server.port=8080
- traefik.http.routers.blog.rule=Host(`blog.local.me`)
- traefik.http.routers.blog.service=blog
- traefik.http.routers.blog.entrypoints=web
- traefik.docker.network=traefik
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
update_config:
delay: 10s
order: start-first
parallelism: 1
rollback_config:
parallelism: 0
order: stop-first
logging:
driver: json-file
options:
'max-size': '10m'
'max-file': '5'
networks:
- traefik
depends_on:
- mysql
environment:
DATABASE_URL: mysql2://root:dummy#mysql/rails_blog_production
RAILS_SERVE_STATIC_FILES: 'true'
for more information, you can check this blog post

Docker Swarm with Traefik: containers are up but getting 404

I am struggling to get a Docker swarm stack set up using traefik. I decided to try traefik as an alternative to jwolder/nginx-proxy, as unfortunately the latter does not seem to support Docker swrarm mode. But I'm finding traefik to be a problem (probably my fault!).
I have a WordPress container (replicated) and a MySQL container, alongside the traefik container. All of the containers in the swarm are created and start, and docker logs <container_id> reveals no errors, but when I visit 'example.org' (not the real domain) I just see 404 page not found. So it must be a communication issue between traefik and the containers I wish to proxy. However I also don't see the traefik dashboard, so perhaps soemthing else is going on.
Here is my docker-compose file:
version: '3'
services:
traefik:
image: traefik:latest
command: --api.insecure=true \
--providers.docker=true \
--providers.docker.exposedbydefault=false \
--providers.docker.swarmmode=true \
--providers.docker.watch=true \
--logLevel=DEBUG
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
deploy:
mode: global
placement:
constraints:
- node.role == manager
db:
image: mysql:5.7
volumes:
- ./db/initdb.d:/docker-entrypoint-initdb.d
networks:
- traefik
environment:
MYSQL_ROOT_PASSWORD: <root_password>
MYSQL_DATABASE: <db_name>
MYSQL_USER: <db_user>
MYSQL_PASSWORD: <user_password>
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
app:
image: my-repo/wordpress:latest
depends_on:
- db
networks:
- traefik
environment:
- VIRTUAL_PORT=80
- VIRTUAL_HOST=example.org
deploy:
replicas: 2
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:example.org"
networks:
traefik:
The orignal nginx-proxy setup works nicely, but, as I say, won't allow me to run a swarm. I have been experimenting with traefik for only a day, so it's probably a schoolboy error of some kind.
N.B: I am aliasing my actual .org domain to 127.0.0.1 in my /etc/hosts. Perhaps that's an issue? I can't imagine it would be, I've been running Docker containers with that setup for ages without a problem.

OK, so I got it to work in non-swarm mode with the following docker-compose file:
version: '3'
services:
traefik:
image: "traefik:v2.0.0-rc3"
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
db:
image: mysql:5.7
volumes:
- ./db/initdb.d:/docker-entrypoint-initdb.d
networks:
- traefik
environment:
MYSQL_ROOT_PASSWORD: <root_password>
MYSQL_DATABASE: <db_name>
MYSQL_USER: <db_user>
MYSQL_PASSWORD: <user_password>
app:
image: my-repo/wordpress:latest
depends_on:
- db
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.app.rule=Host(`example.org`)"
- "traefik.http.routers.app.entrypoints=web"
networks:
traefik:
And then I tried the following swarm configuration, which worked:
version: '3'
services:
traefik:
image: "traefik:v2.0.0-rc3"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.swarmmode=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
deploy:
mode: global
placement:
constraints: [node.role==manager]
db:
image: mysql:5.7
volumes:
- ./db/initdb.d:/docker-entrypoint-initdb.d
networks:
- traefik
environment:
MYSQL_ROOT_PASSWORD: <root_password>
MYSQL_DATABASE: <db_name>
MYSQL_USER: <db_user>
MYSQL_PASSWORD: <user_password>
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
app:
image: my-repo/wordpress:latest
networks:
- traefik
deploy:
replicas: 2
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.app.rule=Host(`example.org`)"
- "traefik.http.routers.app.entrypoints=web"
- "traefik.http.services.app.loadbalancer.server.port=80"
networks:
traefik:
More specifically, I got it to work only after adding the command
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
and the proxied container label
- "traefik.http.services.app.loadbalancer.server.port=80"
... so I'm not really sure what I did right. Would be grateful for any light that could be shed on that.
It's working now, though, at least.
UPDATE: The Traefik docs state that the label
traefik.http.services.<service_name>.loadbalancer.server.port
is mandatory for Docker swarm mode (look under Services on that page). So it seems as if I was just missing that.

Portainer in Docker swarm stack with Traefik refuses to connect

I am trying to include Portainer in a docker-compose swarm, consisting of WordPress + MySQL and Traefik (reverse proxy). I am using the following definition:
version: '3'
services:
traefik:
image: "traefik:v2.0.0-rc3"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.swarmmode=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
deploy:
mode: global
placement:
constraints: [node.role==manager]
portainer:
image: portainer/portainer:latest
command: -H unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./portainer:/data
networks:
- traefik
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role==manager]
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=web"
db:
image: mysql:5.7
volumes:
- ./db/initdb.d:/docker-entrypoint-initdb.d
networks:
- traefik
environment:
MYSQL_ROOT_PASSWORD: <root_password>
MYSQL_DATABASE: <db_name>
MYSQL_USER: <db_user>
MYSQL_PASSWORD: <user_password>
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
app:
image: my-repo/wordpress:latest
networks:
- traefik
deploy:
replicas: 2
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.app.rule=Host(`example.org`)"
- "traefik.http.routers.app.entrypoints=web"
- "traefik.http.services.app.loadbalancer.server.port=80"
networks:
traefik:
Everything works except portainer. When I visit localhost:9000 I just get a refused connection. The following non-swarm-mode docker-compose works, however:
version: '3'
services:
traefik:
image: "traefik:v2.0.0-rc3"
container_name: "traefik"
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
portainer:
image: portainer/portainer
command: -H unix:///var/run/docker.sock
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./portainer:/data
ports:
- "9000:9000"
- "8000:8000"
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=web"
db:
image: mysql:5.7
restart: always
volumes:
- ./db/initdb.d:/docker-entrypoint-initdb.d
networks:
- traefik
environment:
MYSQL_ROOT_PASSWORD: <root_password>
MYSQL_DATABASE: <db_name>
MYSQL_USER: <db_user>
MYSQL_PASSWORD: <user_password>
app:
image: my-repo/wordpress:latest
restart: always
depends_on:
- db
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.app.rule=Host(`example.org`)"
- "traefik.http.routers.app.entrypoints=web"
networks:
traefik:
What am I doing wrong? The logs in each case are the same. In non-swarm-mode I can log in to the Portainer UI and see all my containers running, etc. But the swarm version simply refuses to connect, even when I pass Host rule (portainer.example.org). I have only been using Traefik for a few days, and am very likely to be making a simple configuration error (hopefully!).

Port Detection
Docker Swarm does not provide any port detection information to Traefik.
Therefore you must specify the port to use for communication by using the label traefik.http.services.<service_name>.loadbalancer.server.port (Check the reference for this label in the routing section for Docker).

Resources